18 matches found

Chainguard
added 2025/12/11 7:17 a.m. | 5 views

CVE-2025-13637 vulnerabilities

Vulnerabilities for packages: chromium...

CVSS 4.3 | AI score 6.7 | EPSS 0.00174
Exploits: 0

Tenable Nessus
added 2025/12/08 12:0 a.m. | 3 views

Fedora 42 : chromium (2025-a41df7ce46)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a41df7ce46 advisory.

Update to 143.0.7499.40
- High CVE-2025-13630: Type Confusion in V8
- High CVE-2025-13631: Inappropriate implementation in Google Updater
- High...

CVSS 8.8 | AI score 5.6 | EPSS 0.00386
Exploits: 0 | References: 14

Microsoft CVE
added 2025/12/04 5:14 p.m. | 3 views

Chromium: CVE-2025-13637 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 4.3 | AI score 6.4 | EPSS 0.00174
Exploits: 0

OPENSUSE Linux
added 2025/12/04 12:0 a.m. | 2 views

Security update to chromium (important)

openSUSE Security Update: Security update to chromium
Announcement ID: openSUSE-SU-2025:0458-1
Rating: important
References: 1254429
Cross-References: CVE-2025-13630 CVE-2025-13631 CVE-2025-13632 CVE-2025-13633 CVE-2025-13634 CVE-2025-13635 CVE-2025-13636 CVE-2025-13637 CVE-2025-13638...

CVSS 8.8 | AI score 6.3 | EPSS 0.00386
Exploits: 0 | References: 1

Circl
added 2025/12/03 1:30 p.m. | 3 views

CVE-2025-13637

creationtimestamp | type | source
---|---|---
2025-12-03 13:30:20+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3m73kveq7ft2l
2025-12-09 17:29:16+00:00 | seen | https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review...

CVSS 4.3 | AI score 5.5 | EPSS 0.00174
Exploits: 0 | References: 2

SUSE CVE
added 2025/12/03 12:25 a.m. | 2 views

SUSE CVE-2025-13637

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 6.5 | EPSS 0.00174
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestur...

CVSS 4.3 | AI score 5.5 | EPSS 0.00174
Exploits: 0 | References: 2

OSV
added 2025/12/02 7:15 p.m. | 3 views

CVE-2025-13637

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/02 7:0 p.m. | 2 views

CVE-2025-13637

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...

AI score 6 | EPSS 0.00174
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 10:5 a.m. | 3 views

CVE-2019-13637

In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a...

CVSS 9.3 | AI score 7.6 | EPSS 0.0256
Exploits: 0 | References: 1

NVD
added 2025/04/02 10:15 a.m. | 14 views

CVE-2024-13637

The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | EPSS 0.00299
Exploits: 0 | References: 4

Vulnrichment
added 2025/04/02 9:21 a.m. | 5 views

CVE-2024-13637 Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation

The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | AI score 6.8 | EPSS 0.00299
Exploits: 0 | References: 4

CVE
added 2025/04/02 9:21 a.m. | 46 views

CVE-2024-13637

CVE-2024-13637 pertains to the Demo Awesome WordPress plugin. The vulnerability is in the install_plugin function, where a missing capability check allows an authenticated user with Subscriber-level access and above to install and activate arbitrary plugins. Affected versions are up to and includ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00299
Exploits: 0 | References: 4

Patchstack
added 2025/04/01 10:58 p.m. | 2 views

WordPress Demo Awesome plugin <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Activation vulnerability discovered by Krzysztof Zając in WordPress Plugin Demo Awesome versions <= 1.0.3...

CVSS 6.5 | AI score 8.4 | EPSS 0.00299
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/06/17 5:15 p.m. | 9 views

CVE-2020-13637

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker by copying or having access to the local storage databas...

CVSS 7.5 | EPSS 0.00557
Exploits: 0 | References: 2

CVE
added 2020/06/17 4:34 p.m. | 47 views

CVE-2020-13637

The CVE-2020-13637 entry applies to the stashcat app up to version 3.9.2 across macOS, Windows, Android, iOS, and possibly other platforms. The root issue is the storage of sensitive credentials (client_key, device_id, and the public key for end-to-end encryption) in cleartext in the local storag...

CVSS 7.5 | AI score 7.5 | EPSS 0.00557
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/07/17 8:17 p.m. | 41 views

CVE-2019-13637

In LogMeIn join.me prior to version 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. The root cause is unsafe search paths used by the application URI defined in Windows. An attacker could trick a user into clicking a malicious link, causing the application to load ...

CVSS 9.3 | AI score 8.7 | EPSS 0.0256
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2018/07/09 6:0 a.m. | 39 views

CVE-2018-13637

Technical details about CVE-2018-13637 are not publicly available in the provided connected documents. No specifics on affected components, root cause, impact, or remediation are disclosed. Monitor for updates.

CVSS 7.5 | AI score 7.7 | EPSS 0.01094
Exploits: 1 | References: 2 | Affected Software: 1